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Amendments to the Claims : 

1 . (Currently Amended) A system comprising: 

a terminal capable of communicating configured to communicate at least one of within and-or 
across at least one network, wherein the terminal is included within an organization including a plurality 
of terminals, each terminal being at at least one of a plurality of logical positions within the organization; 

a primary certification authority (CA) capabl e of providing configured to provide an identity 
certificate to the terminal, wherein the primary CA is capabl e of issuing configured to issue an identity 
certificate to each terminal of the organization; 

a secondary CA capabl e of providing configured to provide at least one role certificate to the 
terminal based upon the at least one logical position of the terminal within the organization, wherein the 
organization includes a plurality of secondary CA's capable of issuing configured to issue at least one role 
certificate to respective groups of terminals of the organization based upon the at least one logical 
position of each of the respective terminals within the organization; and 

a server capable of authenticating configured to authenticate the terminal based upon the identity 
certificate and the at least one role certificate of the terminal to thereby determine whether to grant the 
terminal access to at least one resource of the server. 

2. (Currently Amended) A system according to Claim 1, wherein the terminal comprises a 
terminal included within an organization comprising a customer base of a cellular service provider that 
includes a plurality of terminals, each terminal being at one of a plurality of logical positions comprising a 
plurality of service plans offered by the cellular network operator. 

3. (Currently Amended) A system according to Claim 1, wherein the terminal comprises a 
terminal included within an organization comprising a customer base of a cellular service provider that 
includes a plurality of terminals, each terminal being at at least one of a plurality of logical positions 
comprising a plurality of services offered by the cellular network operator. 

4. (Currently Amended) A system according to Claim 1, wherein the secondary CA is 
capabl e of providing configured to provide at least one role certificate each having an associated validity 
time no greater than a validity time of the identity certificate provided by the primary CA. 
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5. (Currently Amended) A system according to Claim 4, wherein the server is capable of 
auth e nticating configured to authenticate the terminal based upon the validity times of the identity 
certificate and at least one role certificate of the respective terminal. 

6. (Currently Amended) A system according to Claim 1 , wherein the terminal is capabl e of 
r e qu e sting configured to request access to at least one resource of a server before the server authenticates 
the terminal, and wherein the server is capabl e of granting c onfigured to grant access to the at least one 
resource if the terminal is authenticated. 

7. (Currently Amended) A method of authenticating a terminal comprising: 

providing a terminal capabl e of communicating configured to communicate at least one of within 
aed-or across at least one network, wherein the terminal is included within an organization including a 
plurality of terminals, each terminal being at at least one of a plurality of logical positions within the 
organization; 

providing an identity certificate to the terminal from a primary certification authority (CA), 
wherein the primary CA is capabl e of issuing configured to issue an identity certificate to each terminal of 
the organization; 

providing at least one role certificate to the terminal from a secondary CA based upon the at least 
one logical position of the terminal within the organization, wherein the organization includes a plurality 
of secondary CA's capabl e of issuing configured to issue at least one role certificate to respective groups 
of terminals of the organization based upon the at least one logical position of each of the respective 
terminals within the organization; and 

authenticating the terminal at a server based upon the identity certificate and the at least one role 
certificate of the terminal to thereby determine whether to grant the terminal access to at least one 
resource of the server. 

8. (Currently Amended) A method according to Claim 7, wherein providing a terminal 
comprises providing a terminal included within an organization comprising a customer base of a cellular 
service provider that includes a plurality of terminals, each terminal being at one of a plurality of logical 
positions comprising a plurality of service plans offered by the cellular network operator. 
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9. (Currently Amended) A method according to Claim 7, wherein providing a terminal 
comprises providing a terminal included within an organization comprising a customer base of a cellular 
service provider that includes a plurality of terminals, each terminal being at at least one of a plurality of 
logical positions comprising a plurality of services offered by the cellular network operator. 

10. (Original) A method according to Claim 7, wherein providing at least one role certificate 
comprises providing at least one role certificate each having an associated validity time no greater than a 
validity time of the identity certificate. 

1 1 . (Original) A method according to Claim 10, wherein authenticating the terminal 
comprises authenticating the terminal based upon the validity times of the identity certificate and at least 
one role certificate of the respective terminal. 

12. (Original) A method according to Claim 7 further comprising: 

requesting, from the terminal, access to at least one resource of a server before authenticating the 
terminal; and 

granting access to the at least one resource if the terminal is authenticated. 

13. (Currently Amended) A terminal included within an organization including a plurality of 
terminals, each terminal being at at least one of a plurality of logical positions within the organization, the 
terminal comprising: 

a controller capabl e of communicating configured to communicate at least one of within and-or 
across at least one network, wherein the controller is capabl e of obtaining configured to obtain an identity 
certificate from a primary certification authority (CA) capable of issuing configured to issue an identity 
certificate to each terminal of the organization, wherein the controller is also capabl e of obtaining 
configured to obtain at least one role certificate from a secondary CA based upon the at least one logical 
position of the terminal within the organization, wherein the organization includes a plurality of 
secondary CA's capabl e of issuing configured to issue at least one role certificate to respective groups of 
terminals of the organization based upon the at least one logical position of each of the respective 
terminals within the organization; and 

a memory capable of storing configured to store t he identity certificate and at least one role 
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certificate, 

wherein the controller is also capabl e of communicating configured to communicate with a server 
such that the server is capable of auth e nticating configured to authenticate the terminal based upon the 
identity certificate and the at least one role certificate of the terminal to thereby determine whether to 
grant the terminal access to at least one resource of the server. 

14. (Currently Amended) A terminal according to Claim 13, wherein the controller is 
capable of obt aini ng configured to obtain an identity certificate from a primary CA capable of issuing 
configured to issue an identity certificate to each terminal of the organization comprising a customer base 
of a cellular service provider that includes a plurality of terminals, each terminal being at one of a 
plurality of logical positions comprising a plurality of service plans offered by the cellular network 
operator. 

15. (Currently Amended) A terminal according to Claim 13, wherein the controller is 
capabl e of obtaining configured to obtain an identity certificate from a primary CA capabl e of issuing 
configured to issue an identity certificate to each terminal of the organization comprising a customer base 
of a cellular service provider that includes a plurality of terminals, each terminal being at at least one of a 
plurality of logical positions comprising a plurality of services offered by the cellular network operator. 

16. (Currently Amended) A terminal according to Claim 13, wherein the controller is 
capable of obtaining configured to obtain at least one role certificate each having an associated validity 
time no greater than a validity time of the identity certificate obtained by the controller. 

17. (Currently Amended) A terminal according to Claim 16, wherein the controller is also 
capable of communicating configured to communicate with a server such that the server is capabl e of 
auth e nticating configured to authenticate the terminal based upon the validity times of the identity 
certificate and at least one role certificate of the respective terminal. 

1 8. (Currently Amended) A terminal according to Claim 13, wherein the controller is 
capable of requ e sting configured to request access to at least one resource of a server before the server 
authenticates the terminal such that the server is capable of granting configured to grant access to the at 
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least one resource if the terminal is authenticated. 

19. (New) A method of authenticating a terminal comprising: 

receiving an identity certificate at a terminal configured to communicate at least one of within or 
across at least one network, wherein the terminal is included within an organization including a plurality 
of terminals, each terminal being at at least one of a plurality of logical positions within the organization, 
and wherein the identity certificate is received from a primary certification authority (CA) configured to 
issue an identity certificate to each terminal of the organization; 

receiving at least one role certificate at the terminal from a secondary CA based upon the at least 
one logical position of the terminal within the organization, wherein the organization includes a plurality 
of secondary CA's configured to issue at least one role certificate to respective groups of terminals of the 
organization based upon the at least one logical position of each of the respective terminals within the 
organization; and 

sending a request from the terminal to a server, the request including the identity certificate and 
the at least one role certificate of the terminal to enable the server to thereby determine whether to grant 
the terminal access to at least one resource of the server based thereon. 

20. (New) A method according to Claim 19, wherein the terminal is included within an 
organization comprising a customer base of a cellular service provider that includes a plurality of 
terminals, each terminal being at one of a plurality of logical positions comprising a plurality of service 
plans offered by the cellular network operator. 

21 . (New) A method according to Claim 1 9, wherein the terminal is included within an 
organization comprising a customer base of a cellular service provider that includes a plurality of 
terminals, each terminal being at at least one of a plurality of logical positions comprising a plurality of 
services offered by the cellular network operator. 

22. (New) A method according to Claim 19, wherein providing at least one role certificate 
comprises providing at least one role certificate each having an associated validity time no greater than a 
validity time of the identity certificate. 
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23. (New) A server comprising: 

a processor configured to receive a request from a terminal configured to communicate at least 
one of within or across at least one network, wherein the terminal is included within an organization 
including a plurality of terminals, each terminal being at at least one of a plurality of logical positions 
within the organization, wherein the request includes an identity certificate and at least one role 
certificate, the terminal having received the identity certificate from a primary certification authority (CA) 
configured to issue an identity certificate to each terminal of the organization, and having received the at 
least one role certificate from a secondary CA based upon the at least one logical position of the terminal 
within the organization, the organization including a plurality of secondary CA's configured to issue at 
least one role certificate to respective groups of terminals of the organization based upon the at least one 
logical position of each of the respective terminals within the organization, 

wherein, in response to the request, the processor is configured to determine whether to grant the 
terminal access to at least one resource of the server based on the identity certificate and the at least one 
role certificate, and 

wherein the processor is configured to grant access to the at least one resource if the terminal is 
authenticated. 

24. (New) A server according to Claim 23, wherein the terminal is included within an 
organization comprising a customer base of a cellular service provider that includes a plurality of 
terminals, each terminal being at one of a plurality of logical positions comprising a plurality of service 
plans offered by the cellular network operator. 

25. (New) A server according to Claim 23, wherein the terminal is included within an 
organization comprising a customer base of a cellular service provider that includes a plurality of 
terminals, each terminal being at at least one of a plurality of logical positions comprising a plurality of 
services offered by the cellular network operator. 

26. (New) A server according to Claim 23, wherein each of the at least one role certificate 
has an associated validity time no greater than a validity time of the identity certificate. 
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